
perfmon shows current bandwidth maxed out

Hello all,
This may be the wrong place to post this and if so let me know and I'll delete and move it to another area if you can point me in the right direction. Here's my issue: I have a late model, but still fairly robust Dell PowerEdge running Svr 2K. It's fully patched, has the latest anti-virus defs, and in fact is the machine I'm using for my LiveUpdate server. I kept seeing my firewall and my Packeteer getting slammed with traffic from the server's address so after combing over the machine to check if it was compromised somehow and finding nothing, I started looking at the NIC properties. Everything looks normal. But perfmon shows the current bandwidth maxed out. Packets in and out seem to be about average, right around what I would consider normal for a machine that is functioning as my backup host and virus def provider for the network. Netstat and net use are showing no TCP or UDP connections that I don't know about. I can see the connections out to Symantec and Microsoft for the updates, but still this machine keeps hammering away at my firewall and packet shaper from the inside. Can anyone recommend a good tool for finding out exactly why it's doing this, or could I just have a faulty NIC that has finally started to fall apart? Thanks in advance for any help or clever ideas.

Thanks to both of you. Ethereal (my first time using it by the way...great stuff) showed a UDP connection with another machine on my network. Now I just have to wander around campus until I can find where it's at.

a bad nic can cause a packet storm. replace the nic card and if you still have the problem use a sniffer.

there is a linux bootable cd called audit. it has ethereal and another program called etherape on it. etherape is a visual protocol analyser that shows what is coming from where and how much of it. i like the cd because it does not require the installation of anything. just put the cd in the drawer and reboot the computer (not the one in question though). the cd has a multitude of other forensic tools as well. you will not be sorry if you get it


would anyone happen to have a link to an ISO for the cd? i found the other computer and brought it back to my office and i'm going over it now to try and find why it was bouncing connections back and forth to the server. (big amounts of data by the way. a ten second capture in ethereal yielded an almost 8 MB file). The server itself, while no longer showing a constant connection to the computer in question, is still showing its current bandwidth as maxed out and it's still beating the hell out of my firewall and packeteer. i can't bring down the server to replace the NIC just yet so i want to try and look at other solutions to the problem. would it be useful if i posted a snippet of the capture files (with the IPs blanked out, of course) just so i can get another opinion on if i am reading this right?

Thanks, I'm going to download it and check it out. In what I think proved to be a resolution to my problem, I paid a bit closer attention to the log from Ethereal and noticed the port the traffic was coming across. Symantec System Center uses that port for pushing updates and pulling update status from remote clients. After I deleted the entry for the offending party out of System Center's console, the bashing stopped. The client computer only had about 20MB of disk space left and what I'm assuming was going on was that SSC was trying to push all the backlogged updates out to the client and was getting everything thrown right back. Sound plausible? Regardless, the trash on the network seems to have cleared up. I really appreciate such a helpful welcome to A.O. Hope I can return the favor as I get a bit smarter.
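
The step that settled this thread, ranking a capture's conversations by volume to find the heavy pair and its port, can be scripted against a saved capture file. The following is an added example, not part of the original thread: it reads a classic libpcap file of Ethernet/IPv4 traffic, and the addresses, port 50000 and sample capture are constructed placeholders (the thread does not state the actual port).

```python
import socket
import struct
from collections import Counter

def top_conversations(pcap: bytes, n: int = 5):
    """Rank (proto, src, sport, dst, dport) flows by bytes on the wire."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        # Per-packet record header: ts_sec, ts_usec, captured len, original len
        _, _, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4
        proto = {6: "TCP", 17: "UDP"}.get(frame[23])
        frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        l4 = frame[14 + (frame[14] & 0x0F) * 4:][:4]
        if proto is None or frag_offset or len(l4) < 4:
            continue  # no ports to read (other protocol or later fragment)
        sport, dport = struct.unpack("!HH", l4)
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        totals[(proto, src, sport, dst, dport)] += orig
    return totals.most_common(n)

def _frame(proto, src, dst, sport, dport, payload_len):
    # Constructed frame: zeroed MACs, minimal IPv4 header, ports, zero padding
    l4 = struct.pack("!HH", sport, dport) + bytes(4 + payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4

def build_sample() -> bytes:
    """Constructed capture: one chatty UDP pair plus light TCP traffic."""
    frames = [_frame(17, "192.0.2.10", "192.0.2.77", 50000, 50000, 1400)] * 40
    frames += [_frame(17, "192.0.2.77", "192.0.2.10", 50000, 50000, 1400)] * 30
    frames += [_frame(6, "192.0.2.10", "198.51.100.5", 40123, 443, 200)] * 3
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for flow, size in top_conversations(build_sample()):
        print(f"{size:>8} bytes  {flow}")
```

Sorting by bytes rather than packet count matters here: a pair that keeps resending large payloads stands out even when its packet rate looks ordinary.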